Liveness Settings
Liveness Configuration
Keyless SDK provides three officially-supported configurations for the liveness detection (antispoofing component), listed below from the lowest to the highest level of security:
PASSIVE_STANDALONE_MEDIUM
- for testing purposes onlyPASSIVE_STANDALONE_HIGH
- for most production use (SDK default)PASSIVE_STANDALONE_HIGHEST
- for higher security production use
Increasing the security level increases the ability of the system to reject spoof attempts (true positive rate, or TPR). A higher security level also increases the genuine reject rate (false positive rate, or FPR) and the time required by the anti-spoofing module to make a decision.
For most production scenarios, Keyless recommends the use of PASSIVE_STANDALONE_HIGH
. This setting offers a good tradeoff between TPR, FPR, and time-to-decision. For scenarios that require a higher security level, we recommend increasing this setting to PASSIVE_STANDALONE_HIGHEST
.
Configuring livenessEnvironmentAware
The livenessEnvironmentAware
feature enforces stricter environmental checks during the liveness process and is an important layer of protection against biometric attacks. This is set to true
by default for enhanced security pruposes.
Note that we have observed that on a very limited set of devices this may prevent some users from authenticating with Keyless and in this case the SDK will return an 20021
error. To provide flexibility, we include the option to disable this check (by setting to false
) in the event where it cannot fully function as designed due to limitations with these specific devices. When set to false
these devices will then be able to authenticate.
For security purposes, we have not detailed exaclty what data these liveness feature leverages, and have remained deliberately vague on the precise implications of the true/false configuration in order to avoid providing insight to attackers. We're of course happy to provide more detailed advice on request in less public settings.
Relax liveness checks for testing purposes
Below follows a liveness configuration example for testing pruposes only should facilitate testing the happy path of "passing the liveness checks".
// ONLY FOR TEST
// Authentication Configuration
val authConfig = BiomAuthConfig(
livenessConfiguration = LivenessSettings.LivenessConfiguration.PASSIVE_STANDALONE_MEDIUM,
livenessEnvironmentAware = false
)
// Enrollment Configuration
val enrollConfig = BiomEnrollConfig(
livenessConfiguration = LivenessSettings.LivenessConfiguration.PASSIVE_STANDALONE_MEDIUM,
livenessEnvironmentAware = false
)
// De-Enrollment Configuration
val deEnrollConfig = BiomDeEnrollConfig(
livenessConfiguration = LivenessSettings.LivenessConfiguration.PASSIVE_STANDALONE_MEDIUM,
livenessEnvironmentAware = false
)
Last updated
Was this helpful?